I am trying to implement a custom authenticator (execution) which will be added in clients authentication flow as the last execution. The authenticator would read the token from request’s HTTP header and call a 3rd party OIDC service to verify the token.
Expectation: If the authentication succeeds, request would continue and client registration would be successful. If the authentication failed, request would fail with appropriate error message.
Also, I need to make sure other client flows are not affected by this change.
For this I have a custom implementation which implements ClientAuthenticator and ClientAuthenticatorFactory, and I have added the custom factory in META-INF too. I have created a new realm to test this functionality and created a copy of the Clients Authenticator. To this copy I added my custom authenticator (with Provider id: token-auth) and I have chosen the required radio option.
To test the authenticator, I hit:
curl -X POST \
-d '{ "clientId": "test-client" }' \
-H "Content-Type:application/json" \
-H "Authorization: bearer D9iYa_ApwHgttCsRA7Msc74tGjNrk5ZmKwF1AJubmT4.cczyCqz6NlCTVQYDO-5qYPUzPxuk-kXSlWjlFTrBD7I" \
http://localhost:8080/auth/realms/customers/clients-registrations/default
I get the response as:
{
"error": "invalid_token",
"error_description": "Failed decode token"
}
The token is a valid token. Not sure where I had made the mistake.
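A diagnostic for the "Failed decode token" response above, added here as an example and not part of the original post: it checks whether a bearer value is a compact JWS (three base64url segments with a JSON header) or an opaque token. It assumes the registration endpoint tries to parse the bearer value as a JWT before any custom authenticator runs, which the post does not confirm; `classify_bearer` is a hypothetical helper name and the contrasting JWT is constructed.

```python
import base64
import json

# Bearer value copied from the curl request in the post.
PAGE_TOKEN = ("D9iYa_ApwHgttCsRA7Msc74tGjNrk5ZmKwF1AJubmT4."
              "cczyCqz6NlCTVQYDO-5qYPUzPxuk-kXSlWjlFTrBD7I")


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url, as used by the JWS compact form."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def classify_bearer(authorization: str) -> str:
    """Return 'jwt', 'opaque' or 'not-bearer' for an Authorization header value."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return "not-bearer"
    segments = token.strip().split(".")
    if len(segments) != 3:
        # A compact JWS is header.payload.signature; anything else cannot be
        # decoded as a JWT, whatever service issued it.
        return "opaque"
    try:
        header = json.loads(b64url_decode(segments[0]))
        json.loads(b64url_decode(segments[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "opaque"
    if not isinstance(header, dict) or "alg" not in header:
        return "opaque"
    return "jwt"


# Constructed JWT-shaped value for contrast (the signature is a dummy).
SAMPLE_JWT = ".".join([
    b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps({"iss": "https://idp.example"}).encode()),
    b64url_encode(b"sig"),
])

if __name__ == "__main__":
    print("token from the post:", classify_bearer("bearer " + PAGE_TOKEN))
    print("constructed JWT:    ", classify_bearer("Bearer " + SAMPLE_JWT))
```

A result of `opaque` means the value can only be validated by asking its issuer (for example through an introspection call), not by local JWT decoding.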